> Message-Id: <199912140147.MAA10537@balrog.supp.cpr.itg.telecom.com.au>
> From: Simon Burge <simonb@netbsd.org>
> To: tech-kern@netbsd.org
> Subject: Uninitialised variable in ffs_mount()?
> Date: Tue, 14 Dec 1999 12:47:55 +1100
> Sender: tech-kern-owner@netbsd.org
> Precedence: list
> Delivered-To: tech-kern@netbsd.org
>
> Folks,
>
> In ufs/ffs/ffs_vfsops.c:ffs_mount(), "fs" is only initialised in the
> block starting:
>
> if (mp->mnt_flag & MNT_UPDATE) {
>
> but is referenced in a block starting:
>
> if ((mp->mnt_flag & MNT_UPDATE) == 0) {
>
> at line 239 in version 1.56.
That's not what I have at line 239..
line 285, maybe..
> This looks like it could panic with a
> null pointer reference if a softdep enabled filesystem is mounted
> asynchronously. It looks like it's as simple as moving
>
> ump = VFSTOUFS(mp);
> fs = ump->um_fs;
>
> to before line 295 (or better is deleting those two altogether and
> moving the similar lines at line 189 before the first "if") but I don't
> want to mess with areas I don't know about... Anyone want to look into
> this (or tell me if my analysis is flawed)?
I agree that this is a problem; however, fs->fs_fsmnt isn't valid in
the "new mount" case until the copyinstr() on line 306. (and I think
VFSTOUFS(mp) won't work until the ffs_mountfs is done).
ick.
Frank? do you see any better solution?
- Bill
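A constructed C model of the control-flow problem discussed above, added here as an example and not taken from the thread or from the NetBSD sources. The struct layouts, flag bit values, the `model_mountfs`/`strncpy` stand-ins for ffs_mountfs() and copyinstr(), and the assumption that the new-mount branch prints `fs->fs_fsmnt` are all assumptions; only the names from the thread are kept so the shape is recognisable.

```c
/* Constructed model of the ffs_mount() control flow described in the thread.
 * Names follow the NetBSD code (mnt_flag, MNT_UPDATE, VFSTOUFS, um_fs, fs_fsmnt),
 * but the structs, flag bits and the mountfs/copyinstr stand-ins are simplified
 * assumptions for illustration, not kernel code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MNT_UPDATE  0x01   /* assumed bit values, not the real ones */
#define MNT_ASYNC   0x02
#define MNT_SOFTDEP 0x04

struct fs { char fs_fsmnt[64]; };
struct ufsmount { struct fs *um_fs; };
struct mount { int mnt_flag; struct ufsmount *mnt_data; };
#define VFSTOUFS(mp) ((struct ufsmount *)(mp)->mnt_data)

static struct ufsmount model_ump;
static struct fs model_fs;

/* Stand-in for ffs_mountfs(): only after this does VFSTOUFS(mp) point anywhere. */
static int model_mountfs(struct mount *mp) {
    memset(&model_fs, 0, sizeof model_fs);
    model_ump.um_fs = &model_fs;
    mp->mnt_data = &model_ump;
    return 0;
}

/* Ordering as reported: fs is assigned only in the MNT_UPDATE branch, yet the
 * new-mount branch reads it. Returns 1 where the kernel would dereference NULL. */
int ffs_mount_buggy(struct mount *mp, const char *path) {
    struct ufsmount *ump; struct fs *fs = NULL;   /* NULL models "uninitialised" */
    if (mp->mnt_flag & MNT_UPDATE) { ump = VFSTOUFS(mp); fs = ump->um_fs; }
    if ((mp->mnt_flag & MNT_UPDATE) == 0) {
        if (model_mountfs(mp) != 0) return -1;
        if ((mp->mnt_flag & MNT_SOFTDEP) && (mp->mnt_flag & MNT_ASYNC)) {
            if (fs == NULL) return 1;             /* real code would panic here */
            printf("%s: soft updates and async mount\n", fs->fs_fsmnt);
        }
        /* copyinstr() stand-in: fs_fsmnt is only filled in this late */
        strncpy(VFSTOUFS(mp)->um_fs->fs_fsmnt, path, sizeof model_fs.fs_fsmnt - 1);
    }
    return 0;
}

/* Ordering that honours both points raised in the thread: resolve fs only after
 * the filesystem is mounted, and fill fs_fsmnt before anything prints it. */
int ffs_mount_fixed(struct mount *mp, const char *path) {
    struct fs *fs;
    if ((mp->mnt_flag & MNT_UPDATE) == 0 && model_mountfs(mp) != 0) return -1;
    fs = VFSTOUFS(mp)->um_fs;                       /* valid in both cases now */
    if ((mp->mnt_flag & MNT_UPDATE) == 0) {
        strncpy(fs->fs_fsmnt, path, sizeof fs->fs_fsmnt - 1);
        if ((mp->mnt_flag & MNT_SOFTDEP) && (mp->mnt_flag & MNT_ASYNC))
            printf("%s: soft updates and async mount\n", fs->fs_fsmnt);
    }
    return 0;
}
```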